Re: Timing Adjustable: does it apply to timeout from inactivity (no mouse, keyboard activity)

Will moving SC 2.2.5 to Level A (or AA) be enough then in 2.1 instead
of crafting out new wording?
Content authors  who attempt to meet 2.1 will meet this requirement
unless they have compelling business / functional justification not to
do so. Exceptions do not have to be listed out by the SC then.
Sailesh


On 2/9/17, David MacDonald <david@can-adapt.com> wrote:
>>>I’d be happier to imagine a world where some users are unavoidably timed
> out of sessions (for security reasons or reasons beyond their control) but
> where they could *always* guarantee to re-enter the session at the same
> point without having lost any entered information and choices made.
>
> Me too... I believe there were some difficulties in getting that through in
> WCAg 2. We really tried, but security people shot it down...maybe this time
> around we can scope out those situations that are concerning about storing
> data that the user filled in... perhaps we could say something like
>
> "...preserving all of the data entered and steps completed by the user, and
> allowing them to return to the step at which they were forcibly logged
> out... if such data was stored and is retrievable."
>
> Cheers,
> David MacDonald
>
>
>
> *Can**Adapt* *Solutions Inc.*
> Tel:  613.235.4902
>
> LinkedIn
> <http://www.linkedin.com/in/davidmacdonald100>
>
> twitter.com/davidmacd
>
> GitHub <https://github.com/DavidMacDonald>
>
> www.Can-Adapt.com <http://www.can-adapt.com/>
>
>
>
> *  Adapting the web to all users*
> *            Including those with disabilities*
>
> If you are not the intended recipient, please review our privacy policy
> <http://www.davidmacd.com/disclaimer.html>
>
> On Thu, Feb 9, 2017 at 11:57 AM, Michael Pluke <
> Mike.Pluke@castle-consult.com> wrote:
>
>> You are right that "preserving all of the data entered and steps
>> completed
>> by the user, and allowing them to return to the step at which they were
>> forcibly logged out" is really the same as what SC 2.2.5 proposes – but
>> unfortunately it is only AAA. However, Jason White is right when he
>> highlights the importance of this aspect of the proposal and says it “is
>> an
>> aspect of the proposal that should be supported in relation to time
>> limits
>> for which it makes sense.”
>>
>>
>>
>> What might be good is to see if it is possible to break this out and
>> “identify the time limits for which it makes sense”, include those in the
>> scope, and create a new success criteria that elevates this to at least
>> AA,
>> preferably to A.
>>
>>
>>
>> I’d be happier to imagine a world where some users are unavoidably timed
>> out of sessions (for security reasons or reasons beyond their control)
>> but
>> where they could *always* guarantee to re-enter the session at the same
>> point without having lost any entered information and choices made.
>>
>>
>>
>> Best regards
>>
>>
>>
>> Mike
>>
>>
>>
>> *From:* Sailesh Panchang [mailto:sailesh.panchang@deque.com]
>> *Sent:* 09 February 2017 16:21
>> *To:* David MacDonald <david@can-adapt.com>
>> *Cc:* EA Draffan <ead@ecs.soton.ac.uk>; WCAG <w3c-wai-gl@w3.org>;
>> Jonathan Avila <jon.avila@ssbbartgroup.com>; Alastair Campbell <
>> acampbell@nomensa.com>; Glenda Sims <glenda.sims@deque.com>; Gregg C
>> Vanderheiden <greggvan@umd.edu>
>> *Subject:* Re: Timing Adjustable: does it apply to timeout from
>> inactivity (no mouse, keyboard activity)
>>
>>
>>
>> If the user fails to convey activity or to respond to the 'Continue
>> session?' dialog then it is ok to be timed out.
>> If the application is going to permit one to extend session say a
>> limited number of times, then it is important for the dialog to convey
>> that. i.e. "Continue session? (8 attempts left)'
>>
>> I usually recommend pretty much what the WCAG says: "Warn the user
>> before time expires and give the user at least 20 seconds to extend
>> the time limit with a simple action (for example, "press the space
>> bar"). Show this warning a few times as considered reasonable (WCAG
>> suggests at least ten times)".
>> Content authors can then balance security and accessibility requirements.
>>
>> By the way, I find some applications do a poor job of sensing
>> activity and the popup appears even as one is interacting with an
>> application: even apps that for which timing is not criticaal, like
>> entering data into an online tax app as against an online ticket
>> purchase site.
>>
>> Is what Jason requests, "preserving all of the data entered and steps
>> completed by the user, and allowing them to return to the step at
>> which they were forcibly logged out" not the same as what SC 2.2.5
>> suggests?
>> Thanks and regards,
>> Sailesh Panchang
>>
>> On 2/9/17, David MacDonald <david@can-adapt.com> wrote:
>> >> If the suggested minimal activity were possible and there was some way
>> of
>> > alerting the user to the time passing, that would be a better solution
>> than
>> > not being able to complete the task, as long as the security experts
>> > are
>> > happy.
>> >
>> > In the scenario I'm interested in, the session says open while the user
>> is
>> > active in the program. It would only time out if they didn't interact
>> with
>> > the page for 15 minutes. So the clock is not counting down while they
>> > are
>> > interacting with the site, only when they are not interacting with it.
>> >
>> > Cheers,
>> > David MacDonald
>> >
>> >
>> >
>> > *Can**Adapt* *Solutions Inc.*
>> > Tel: 613.235.4902 <(613)%20235-4902>
>> >
>> > LinkedIn
>> > <http://www.linkedin.com/in/davidmacdonald100>
>> >
>> > twitter.com/davidmacd
>> >
>> > GitHub <https://github.com/DavidMacDonald>
>> >
>> > www.Can-Adapt.com <http://www.can-adapt.com/>
>> >
>> >
>> >
>> > * Adapting the web to all users*
>> > * Including those with disabilities*
>> >
>> > If you are not the intended recipient, please review our privacy policy
>> > <http://www.davidmacd.com/disclaimer.html>
>> >
>> > On Thu, Feb 9, 2017 at 10:18 AM, EA Draffan <ead@ecs.soton.ac.uk>
>> > wrote:
>> >
>> >> If the suggested minimal activity were possible and there was some way
>> of
>> >> alerting the user to the time passing, that would be a better solution
>> >> than
>> >> not being able to complete the task, as long as the security experts
>> >> are
>> >> happy.
>> >>
>> >> Best wishes
>> >> E.A.
>> >>
>> >> Mrs E.A. Draffan
>> >> WAIS, ECS , University of Southampton
>> >> Mobile +44 (0)7976 289103 <+44%207976%20289103>
>> >> http://access.ecs.soton.ac.uk<http://access.ecs.soton.ac.uk/>
>> >> UK AAATE rep http://www.aaate.net/
>> >>
>> >>
>> >> ________________________________
>> >> From: David MacDonald [david@can-adapt.com]
>> >> Sent: 09 February 2017 14:53
>> >> To: WCAG; Jonathan Avila; Alastair Campbell; Glenda Sims; Gregg C
>> >> Vanderheiden
>> >> Subject: Timing Adjustable: does it apply to timeout from inactivity
>> >> (no
>> >> mouse, keyboard activity)
>> >>
>> >> I've been asked to comment on the newly proposed "timed events" SC.
>> >> (1)
>> >>
>> >> What are other evaluators doing with time outs from inactivity? I've
>> >> been
>> >> recommending a warning before 20 seconds before the time out "Do you
>> need
>> >> more time" with "yes/no" buttons.
>> >>
>> >> But if the session stays open as long as the user is active, one might
>> >> argue that the user extended the time limit simply by clicking,
>> >> scrolling,
>> >> typing ... if they did *nothing* it would time out in 15 minutes, but
>> >> by
>> >> using the mouse/keyboard at least every 14:59, they could stay in
>> >> their
>> >> account for up to 150 minutes.
>> >>
>> >> It's a significant question, because if that is the case then I'd say
>> >> there is more flexibility with COGA's requests, which would deal with
>> >> a
>> >> *truly* timed events rather than a simple inactivity logout. Security
>> >> people worry about an abandoned computer left open to others to
>> >> exploit
>> >> and
>> >> don't like extending inactivity logouts.
>> >>
>> >> Thoughts?
>> >>
>> >> ==========
>> >>
>> >> (1) https://github.com/w3c/wcag21/issues/14
>> >>
>> >>
>> >> Cheers,
>> >> David MacDonald
>> >>
>> >>
>> >>
>> >> CanAdapt Solutions Inc.
>> >>
>> >> Tel: 613.235.4902 <(613)%20235-4902>
>> >>
>> >> LinkedIn
>> >> <http://www.linkedin.com/in/davidmacdonald100>
>> >>
>> >> twitter.com/davidmacd<http://twitter.com/davidmacd>
>> >>
>> >> GitHub<https://github.com/DavidMacDonald>
>> >>
>> >> www.Can-Adapt.com<http://www.can-adapt.com/>
>> >>
>> >>
>> >>
>> >> Adapting the web to all users
>> >>
>> >> Including those with disabilities
>> >>
>> >> If you are not the intended recipient, please review our privacy
>> >> policy<
>> >> http://www.davidmacd.com/disclaimer.html>
>> >>
>> >
>>
>>
>>
>

Received on Thursday, 9 February 2017 17:46:44 UTC